Apparatus And Method For Executing The Handoff Process In Wireless Networks
Disclosed is an apparatus and method for executing the handoff process in the wireless networks. The apparatus comprises a processor to execute an identity checking mechanism. When a wireless network station wants to move from a source AP to a destination AP, the wireless network station sends an authentication request message to the destination AP. The identity checking mechanism searches a R0KH table of the destination AP for the R0KH ID contained in the authentication request message, and determines a setting parameter for executing a handoff process. Thereby, the wireless network station may execute the handoff process. A R0KH table of an AP consists of all IDs of R0KHs that can be accessed by the AP.
The present invention generally relates to an apparatus and method for executing the handoff process in the wireless networks.
BACKGROUND OF THE INVENTION
Wireless networks are an important medium for connecting to the Internet. A wireless network is more prone to eavesdropping and theft than a wired network. Between an access point (AP) and a wireless network station, the use of a security key for authentication and encryption is an important issue for wireless networks. If the AP and the wireless network station have not saved the security key in advance, the key must be established by executing a handoff process when the wireless network station connects to an AP.
Because the handoff process takes much time, its execution may interrupt real-time applications such as voice over IP (VoIP). The IEEE802.11r protocol defines a three-level key architecture to accelerate the execution of the handoff process and the generation of security keys.
The second-level key PMK-R1 is stored at wireless network station 101 and at a R1 key holder (R1KH). PMK-R1 is derived from PMK-R0, and may in turn be used to generate the third-level Pairwise Transient Key (PTK). The PTK is the key for encrypting and decrypting messages between wireless network station 101 and the APs at the third level.
The aforementioned IEEE802.11r three-level key architecture defines the mobility domain (MD) architecture. As shown in
Based on the MD architecture defined in the IEEE802.11r protocol specifications, the movement of a wireless network station may be divided into intra-MD movement and inter-MD movement. The intra-MD movement may be further divided into intra-R1KH movement and inter-R1KH movement. For example, wireless network station 101 switching from AP0 to AP1 is an intra-R1KH movement, and switching from AP1 to AP2 or AP3 is an inter-R1KH movement. These two examples are both intra-MD movements within domain 110. On the other hand, switching from AP3 in MD 110 to AP4 in MD 120 is an inter-MD movement.
When moving within an MD, a wireless network station needs to execute a fast basic service set (Fast BSS) handoff process. For inter-MD movement, the wireless network station needs to execute the initial MD association handoff process. Through the MD Identity (MDID) embedded in the probe and beacon messages periodically broadcast by the AP, the inter-MD movement can be distinguished from the intra-MD movement.
The current MDID can be assigned by each vendor; however, there is no guarantee that the MDIDs assigned by different vendors will be unique. Therefore, when a wireless network station executes an inter-MD movement, the inter-MD movement may be mistakenly identified as an intra-MD movement because the MDIDs are the same, and the Fast BSS handoff process is then executed. In this scenario, during the execution of the Fast BSS handoff process, the AP cannot generate the PTK because the R1KH cannot obtain PMK-R1 from the R0KH used by the wireless network station. Therefore, the AP will notify the wireless network station to terminate the Fast BSS handoff process and to execute the initial MD association handoff process instead.
In
In steps 201A and 201B, wireless network station 101 and AP1 execute the open system authentication process. In step 201A, wireless network station 101 transmits an authentication request to AP1. In step 201B, AP1 replies with an authentication response to wireless network station 101. After the open system authentication process finishes, AP1 allows wireless network station 101 to transmit IEEE802.11r communication protocol messages to the AAA server.
Steps 202A and 202B are the association request and the association response, respectively. In step 202A, wireless network station 101 transmits an association request to AP1, where the mobility domain information element (MDIE) field of the association request message is set to “0” to indicate that wireless network station 101 supports the Fast BSS handoff process. In step 202B, AP1 stores the IDs of R0KH1 and R1KH1 and the MDID in the MDIE field of the association response message, and transmits the association response message to wireless network station 101.
In step 203, wireless network station 101 executes the IEEE802.1X authentication with AAA server 103 through AP1. After the authentication succeeds, wireless network station 101 and AAA server 103 each generate the MSK, and AAA server 103 transmits the MSK to R0KH1.
Steps 204A and 204B generate PMK-R0 and PMK-R1, respectively. In step 204A, wireless network station 101 and R0KH1 each execute the key derivation function (KDF) algorithm, using the ID of R0KH1, the MSK, and the MAC address of wireless network station 101 to generate PMK-R0. In step 204B, PMK-R1 is generated from PMK-R0, the MAC address of wireless network station 101, and the ID of R1KH1.
In step 205, wireless network station 101 and AP1 execute the IEEE802.11i 4-way handshake to generate the PTK. In this step, wireless network station 101 and AP1 generate the random numbers “SNonce” and “ANonce”, respectively, and exchange them. AP1 transmits the two random numbers “SNonce” and “ANonce”, the ID of R0KH1, the MAC address of wireless network station 101 and the MAC address of AP1 to R1KH1. Then, wireless network station 101 and R1KH1 each execute the KDF algorithm, using the above parameters, the ID of R1KH1 and PMK-R1 to generate the PTK. After generating the PTK, R1KH1 transmits the PTK to AP1.
After the above initial MD association handoff process, wireless network station 101 is successfully connected to AP1, and R0KH1 and R1KH1 store PMK-R0 and PMK-R1, respectively. PMK-R0 and PMK-R1 may later be used to generate a new PTK, so the time-consuming IEEE802.1X authentication process may be skipped to reduce the handoff time.
When the wireless network station moves within MD1, for example, from AP1 to AP3, the wireless network station may execute the Fast BSS handoff process of
Because AP1 and AP3 are both in MD1, in step 301A wireless network station 101 notifies AP3 through the fast transition (FT) authentication request message to execute FT authentication. The authentication request message includes a random number SNonce for generating the PTK, and an MDIE field. The MDIE field includes the IDs of R0KH1 and R1KH1, and the MDID of MD1.
AP3 learns of the inter-R1KH switch from the authentication request message, and replies with an authentication response message to wireless network station 101, as shown in step 301B. The authentication response message includes a random number ANonce for generating the PTK, and an MDIE field. The MDIE field includes at least the IDs of R0KH2 and R1KH3, and the MDID of MD 110.
After receiving the FT authentication response message from AP3, wireless network station 101 uses the random number ANonce and the MDIE, together with the ID of R1KH3, the MAC address of wireless network station 101 and PMK-R0, to generate PMK-R1. The PMK-R1 is stored in wireless network station 101 and R1KH3. Then, in step 302, the PTK is generated from the MAC address of wireless network station 101, the MAC address of AP3, SNonce, ANonce, and the IDs of R0KH1 and R1KH3. If wireless network station 101 moves from AP1 to AP0 instead, the old PMK-R1 may be used directly to generate the PTK because AP1 and AP0 are connected to the same R1KH.
As shown in step 303, AP3 transmits the MAC address of wireless network station 101, the MAC address of the AP, SNonce, ANonce, and the ID of R0KH1 to R1KH3 for generating the new PTK.
In step 304, according to the ID of R0KH1, R1KH3 requests PMK-R1 from R0KH1. If wireless network station 101 moves from AP1 to AP0, however, this step may be omitted.
After obtaining the new PMK-R1, R1KH3 executes the KDF algorithm to generate the PTK, so that wireless network station 101 and AP3 both have the same PTK.
Wireless network station 101 and AP3 then execute step 306 to transfer the resource from AP1 to AP3. In this manner, wireless network station 101 may start to use the service of AP3.
In the Fast BSS handoff process, PMK-R0 is re-used to generate the new PTK, which accelerates the handoff process. Because the AP broadcasts probe and beacon response frames with the IDs of the R0KH and R1KH used by the AP and the ID of the MD embedded in the frame, the wireless network station can, after selecting the AP, determine whether the movement is an inter-MD or an intra-MD movement and select the appropriate handoff process. Notably, the MAC address may be used to identify the R0KH and R1KH, whereas the MDID is managed by the vendors.
SUMMARY OF THE INVENTION
In accordance with the exemplary embodiments of the present invention, the disclosure is directed to an apparatus and method for executing the handoff process in wireless networks. Without using the MDID for executing the handoff process, the uncertainty of the MDID may be ruled out. In the present disclosure, each AP stores a R0KH table, and the R0KH table records the IDs of all the R0KHs accessible to the AP.
In an exemplary embodiment of the present invention, the disclosed is directed to an apparatus for executing handoff process in wireless network. The apparatus comprises a processor to execute an identity checking mechanism. The R0KH table of a destination AP consists of the IDs of all the R0KHs accessible within the coverage of the destination AP. When a wireless network station wants to move from a source AP to a destination AP, the wireless network station sends an authentication request message to the destination AP. The identity checking mechanism searches the R0KH table of the destination AP for the R0KH ID contained in the authentication request message, and determines a setting parameter for executing a handoff process. Thereby, the wireless network station may execute the handoff process.
In another exemplary embodiment of the present invention, the disclosure is directed to a method for executing the handoff process in wireless networks, applicable to the movement of a wireless network station. When a wireless network station wants to move from a source AP to a destination AP, the method comprises: the wireless network station transmitting an authentication request message to the destination AP, the authentication request message including an R0KH ID; using the R0KH ID to search the R0KH table of the destination AP to select a transition process, the R0KH table of the destination AP including the IDs of all the R0KHs accessible to the destination AP; when the R0KH ID is not in the R0KH table, executing an initial MD association handoff process; and when the R0KH ID is in the R0KH table, executing a Fast BSS handoff process.
The foregoing and other features, aspects and advantages of the present invention will become better understood from a careful reading of a detailed description provided herein below with appropriate reference to the accompanying drawings.
The disclosed embodiments in accordance with the present invention may provide an apparatus and a method for the AP to select the suitable handoff process for the wireless network station without using the MDID, thereby avoiding MDID collisions. In the disclosed embodiments, each AP stores a R0KH table with all the R0KH IDs. When the wireless network station moves from one AP to another AP, the present invention may help the wireless network station select a suitable handoff process by searching the R0KH table. The movement of the wireless network station may be either an inter-MD movement or an intra-MD movement.
Take the 3-level key architecture of IEEE802.11r communication protocol in
With the R0KH table, each AP may select the suitable handoff process for the wireless network station without MDID.
Referring to
For example, in
After receiving the authentication response message from the destination AP, wireless network station 501 executes the Fast BSS handoff process if the setting parameter in the response message is FT authentication; otherwise, wireless network station 501 executes the initial MD association handoff process if the setting parameter is open system authentication.
Therefore, in
Because changes and updates of the R0KHs within the MD coverage are infrequent, the contents of R0KH table 515 may be set in the AP either dynamically or statically through the AP management system. With the IDs of all the R0KHs stored, the search of R0KH table 515 allows the wireless network station to select the handoff process. The exemplary structure of the disclosed embodiments in accordance with the present invention does not need to manage the MDID. Therefore, the execution of an unsuitable handoff process caused by an MDID collision will not occur. The present invention is also applicable to wireless network platforms of the IEEE802.11r communication protocol.
According to the exemplary architecture of the disclosed embodiments, when a change or update of the R0KHs of an MD occurs, the IDs of the R0KHs stored in the AP may be updated dynamically or manually.
In the first step, wireless network station 501 transmits an authentication request message to destination AP 562. The authentication request message notifies destination AP 562 to execute FT authentication. The authentication request message contains at least a R0KH ID; the MDID is not necessarily included in the authentication request message.
Step 702 is to select the handoff process. By searching for the R0KH ID in the R0KH table of destination AP 562, a suitable handoff process may be determined. After destination AP 562 receives the authentication request message from wireless network station 501, destination AP 562 reads the R0KH ID in the message and compares it with the R0KH table of the destination AP to determine whether wireless network station 501 should execute the initial MD association handoff process (step 703) or the Fast BSS handoff process (step 704).
When the R0KH ID is not stored in the R0KH table of destination AP 562, destination AP 562 executes the open system authentication and replies with the authentication response message to wireless network station 501, as in step 703. In the response message, the setting parameter is set to open system authentication. After wireless network station 501 receives the response message, wireless network station 501 executes the initial MD association handoff process. The description of the initial MD association handoff process is as in
When the R0KH ID is already stored in the R0KH table of destination AP 562, destination AP 562 executes the FT authentication and replies with the authentication response message to wireless network station 501, as in step 704. In the response message, the setting parameter is set to FT authentication. After wireless network station 501 receives the response message, wireless network station 501 executes the Fast BSS handoff process. The description of the Fast BSS handoff process is as in
In this manner, without using the MDID for the handoff process, the present invention may avoid the uncertainty of the MDID. Also, by searching the R0KH table stored at the AP, the wireless network station may distinguish whether the movement is an inter-MD movement or an intra-MD movement, and select a suitable handoff process accordingly.
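As an added illustration, not code from the patent, the following Python models the three-level key derivation described above together with the two selection rules: the background rule that compares MDIDs (which fails when two vendors reuse an MDID) and the disclosed rule that searches the destination AP's R0KH table. The kdf, the byte-string identifiers, MAC addresses and MSK are constructed stand-ins, not the IEEE 802.11r KDF or real values.

```python
import hmac
import hashlib
from dataclasses import dataclass

def kdf(key: bytes, label: str, *ctx: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the IEEE 802.11r KDF (not the real one).
    h = hmac.new(key, label.encode(), hashlib.sha256)
    for part in ctx:
        h.update(part)
    return h.digest()

# Constructed R0KH key store: R0KH ID -> {station MAC: PMK-R0}.
R0KH_KEYS = {}

@dataclass
class AP:
    mac: bytes
    mdid: bytes          # vendor-assigned MDID; may collide across MDs
    r0kh_id: bytes
    r1kh_id: bytes
    r0kh_table: set      # IDs of all R0KHs this AP can reach (the disclosed table)

def initial_association(ap, sta_mac, msk):
    """Initial MD association: 802.1X yields the MSK; R0KH and station derive PMK-R0."""
    pmk_r0 = kdf(msk, "PMK-R0", ap.r0kh_id, sta_mac)
    R0KH_KEYS.setdefault(ap.r0kh_id, {})[sta_mac] = pmk_r0
    return pmk_r0  # the station keeps its own copy

def select_by_mdid(ap, request):
    """Background scheme: a matching MDID is taken as intra-MD, so FT is attempted."""
    return "FT" if request["mdid"] == ap.mdid else "OPEN"

def select_by_r0kh_table(ap, request):
    """Disclosed scheme: FT only if the request's R0KH ID is in the AP's R0KH table."""
    return "FT" if request["r0kh_id"] in ap.r0kh_table else "OPEN"

def fast_bss_transition(ap, sta_mac, sta_pmk_r0, request, snonce, anonce):
    """Fast BSS handoff: the R1KH fetches PMK-R1 material from the station's R0KH,
    then both sides derive the PTK. Returns True when the two PTKs agree."""
    r0kh_id = request["r0kh_id"]
    if r0kh_id not in ap.r0kh_table:   # R0KH unreachable: PMK-R1 cannot be obtained
        raise LookupError("R1KH cannot reach R0KH; FT must be aborted")
    pmk_r1_ap = kdf(R0KH_KEYS[r0kh_id][sta_mac], "PMK-R1", sta_mac, ap.r1kh_id)
    pmk_r1_sta = kdf(sta_pmk_r0, "PMK-R1", sta_mac, ap.r1kh_id)
    ctx = (snonce, anonce, sta_mac, ap.mac, r0kh_id, ap.r1kh_id)
    return kdf(pmk_r1_ap, "PTK", *ctx) == kdf(pmk_r1_sta, "PTK", *ctx)

def demo():
    # Constructed topology: AP1 and AP3 share R0KH1 (one MD); AP4 belongs to a
    # different MD whose vendor reused the MDID b"MD-A" (the collision in the text).
    ap1 = AP(b"\x00\x00\x00\x00\x00\x01", b"MD-A", b"R0KH1", b"R1KH1", {b"R0KH1"})
    ap3 = AP(b"\x00\x00\x00\x00\x00\x03", b"MD-A", b"R0KH1", b"R1KH3", {b"R0KH1"})
    ap4 = AP(b"\x00\x00\x00\x00\x00\x04", b"MD-A", b"R0KH3", b"R1KH5", {b"R0KH3"})
    sta, msk = b"\x02\x00\x00\x00\x00\x42", b"constructed-msk"
    pmk_r0 = initial_association(ap1, sta, msk)
    request = {"r0kh_id": ap1.r0kh_id, "mdid": ap1.mdid}  # MDIE the station carries
    intra = select_by_r0kh_table(ap3, request)             # expected "FT"
    ptk_ok = fast_bss_transition(ap3, sta, pmk_r0, request, b"SNonce-1", b"ANonce-1")
    inter_mdid = select_by_mdid(ap4, request)               # "FT": wrong, MDID collided
    inter_table = select_by_r0kh_table(ap4, request)        # "OPEN": correct
    return intra, ptk_ok, inter_mdid, inter_table
```

Calling fast_bss_transition on AP4 with the same request raises LookupError, which is the abort-and-restart case the background section describes; the R0KH-table rule never reaches that point.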
Although the present invention has been described with reference to the exemplary embodiments, it will be understood that the invention is not limited to the details described thereof. Various substitutions and modifications have been suggested in the foregoing description, and others will occur to those of ordinary skill in the art. Therefore, all such substitutions and modifications are intended to be embraced within the scope of the invention as defined in the appended claims.
Claims
1. An apparatus for executing handoff process in wireless networks, applicable to the movement of a wireless network station when said wireless network station moving from a source access point (AP) to a destination AP, said apparatus comprising:
- a processor, executing an identity (ID) checking mechanism, said wireless network station transmitting an authentication request message to said destination AP, said ID checking mechanism using a R0 key holder (R0KH) ID included in said authentication request message to search a R0KH table of said destination AP for determining a setting parameter for a handoff process, and said wireless network station executing said handoff process according to said setting parameter;
- wherein said R0KH table of said destination AP consisting of the IDs of all said R0KHs accessible to said destination AP within the cover range of said destination AP.
2. The apparatus as claimed in claim 1, wherein said handoff process is either an initial mobility domain (MD) association handoff process or a Fast Basic Service Set handoff process.
3. The apparatus as claimed in claim 1, wherein each AP in said wireless network stores a R0KH table consisting of the IDs of all R0KHs accessible to said AP within the cover range of said AP.
4. The apparatus as claimed in claim 1, wherein when said R0KH ID contained in said authentication request message is stored in said R0KH table, said setting parameter of said handoff process is fast transition authentication.
5. The apparatus as claimed in claim 1, wherein when said R0KH ID contained in said authentication request message is not stored in said R0KH table, said setting parameter of said handoff process is open system authentication.
6. The apparatus as claimed in claim 1, wherein said apparatus is applied to IEEE802.11r protocol.
7. The apparatus as claimed in claim 1, wherein said movement of said wireless network station is either an inter-MD movement or an intra-MD movement.
8. A method for executing handoff process in wireless networks, applicable to the movement of a wireless network station when said wireless network station moving from a source access point (AP) to a destination AP, said method comprising:
- said wireless network station transmitting an authentication request message to said destination AP, said authentication request message containing a R0 key holder identity (R0KH ID);
- using said R0KH ID to search a R0KH table of said destination AP for determining a handoff process, said R0KH table of said destination AP consisting of the IDs of all said R0KHs accessible to said destination AP within the cover range of said destination AP;
- when said R0KH ID not being stored in said R0KH table, said wireless network station executing an initial mobility domain (MD) association handoff process; and
- when said R0KH ID being stored in said R0KH table, said wireless network station executing a Fast Basic Service Set (BSS) handoff process.
9. The method as claimed in claim 8, wherein each AP in said wireless network stores a R0KH table consisting of the IDs of all said R0KHs accessible to said AP within the cover range of said AP.
10. The method as claimed in claim 8, wherein when said R0KH ID contained is not stored in said R0KH table, said destination AP replies an authentication response message containing a setting parameter of said handoff process, and sets said setting parameter as open system authentication.
11. The method as claimed in claim 8, wherein when said R0KH ID contained is stored in said R0KH table, said destination AP replies an authentication response message containing a setting parameter of said handoff process, and sets said setting parameter as fast transition (FT) authentication.
12. The method as claimed in claim 8, wherein said source AP and said destination AP are both in the same MD.
13. The method as claimed in claim 8, wherein said source AP and said destination AP are in different MDs.
14. The method as claimed in claim 10, wherein said wireless network station executes an initial MD association handoff process.
15. The method as claimed in claim 11, wherein said wireless network station executes a Fast BSS handoff process.
Type: Application
Filed: May 5, 2008
Publication Date: Jul 2, 2009
Patent Grant number: 8050678
Inventors: Yi-Bing Lin (Hsinchu), Shih-Feng Hsu (Tainan)
Application Number: 12/114,818
International Classification: H04M 1/66 (20060101);